This unit aims to introduce models of normal network behaviour, anomaly detection, and the process of combining and screening anomalies over space and time.
It will provide the mathematical and statistical underpinnings of anomaly detection for cybersecurity data. It will cover the following topics: dynamic network models, fundamentals of hypothesis testing, combining and screening anomalies, Bayesian methods, and Monte Carlo approaches. In coursework assignments, students will use network, point process and cluster models to find anomalies in real cybersecurity data.
Relation to other units
This is a new unit for 2018/19.
- To recognise and apply a range of models for dynamic network data, and to estimate them
- To understand core anomaly detection concepts and tools, including mastering theory and interpretation of hypothesis tests, controlling false positive rates and performing meta-analysis
- To apply these anomaly detection tools to analyse real large-scale data and report the results
Reading and References
- Casella, George, and Roger L. Berger. Statistical inference. Vol. 2. Pacific Grove, CA: Duxbury, 2002.
- Daley, D. J., and D. Vere-Jones. An Introduction to the Theory of Point Processes: Volume I: Elementary Theory and Methods, Springer, New York, 2003.
- Kolaczyk, E. D. Statistical analysis of network data: Methods and Models. Springer, New York, 2009.
- Friedman, Jerome, Trevor Hastie, and Robert Tibshirani. The elements of statistical learning. (2nd edition), Springer, New York, 2009.
- Heard, Nicholas A., et al. "Bayesian anomaly detection methods for social networks." The Annals of Applied Statistics 4.2 (2010): 645-662.
Unit code: MATHM0030
Level of study: M/7
Credit points: 10 credit points
Teaching block (weeks): 1 (7-12)
Lecturer: Dr Patrick Rubin-Delanchy
Probability 1, Statistics 1 and Statistics 2 (or equivalent)
Methods of teaching
Lectures and Problems Classes.